Sessions at Application Security Forum 2011 – Western Switzerland on Thursday 27th October

Topic: Harmonizing Identity and Privacy in Digital Identity and Authentication technologies
Theme: Digital Identity
Technical level: 300
Abstract: When we think about authentication, and more specifically about strong authentication mechanisms based on cryptographic primitives, we first think about techniques generating non-repudiable identity proofs. It seems like the more “secure” an authentication scheme is, the less control the Subject has over its privacy when using it. Facing the Security vs Privacy debate, we might be tempted to intuitively (but wrongly) assume that those concepts are diametrically opposed.
In this talk, the presenter will introduce some concepts and associated techniques which
could be leveraged to provide secure authentication without sacrificing privacy. This talk
will first highlight the privacy side effects associated with the classical authentication
schemes based on X.509 certificates before having a closer look at selective disclosure,
ZKIP, Digital Credential and their implementations in the real world.